This example YAML code shows how to add a Pipeline Scan as a build stage in a GitHub Actions build pipeline that uses Gradle.
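---
# GitHub Actions workflow: build the project with Gradle and run the Veracode
# Pipeline Scan on every push. The scan step fails the job when it reports
# findings of severity "Very High" or "High".
name: pipeline-scan
on: push

# Least privilege: no step below needs write access through GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): no checkout step is shown, so this job has no project
      # sources on the runner as written; add one before the Gradle build.
      - name: build
        run: gradle clean build

  pipeline-scan:
    # NOTE(review): each job gets its own fresh runner and, without `needs:`,
    # runs in parallel with `build`. Nothing here produces or downloads
    # `example.jar`, so the artifact must be handed over from `build` (or
    # built in this job) before the scan step can read it.
    runs-on: ubuntu-latest
    steps:
      # The action reference was garbled by e-mail obfuscation on the source
      # page; the `java-version` input matches actions/setup-java. Replace the
      # placeholder with the release you use, ideally a full commit SHA.
      - name: Set up JDK 1.8
        uses: actions/setup-java@<pin-to-release-tag-or-commit-sha>
        with:
          # Quoted so the parser keeps it a string rather than a float.
          java-version: '1.8'

      # Reference garbled on the source page as well; presumably wei/curl,
      # because `-O <url>` is curl syntax -- confirm before use. This is a
      # third-party action that runs in a job holding the Veracode API
      # credentials, so pin it to a reviewed commit SHA, not a moving tag.
      # The archive is a moving "LATEST" target fetched with no integrity
      # check; if the vendor publishes a checksum or signature, verify it
      # before unzipping, or serve a vetted copy from an internal mirror.
      - name: Download the Pipeline Scanner
        uses: wei/curl@<pin-to-release-tag-or-commit-sha>
        with:
          args: '-O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip'

      - name: Unzip the Pipeline Scanner
        run: unzip pipeline-scan-LATEST.zip

      # Credentials reach the shell through environment variables instead of
      # being expanded by the template engine into the script text, so shell
      # metacharacters in a secret value cannot alter the command line.
      # `-Dpipeline.debug=true` is kept from the original; review what the
      # debug output contains before leaving it enabled on shared logs.
      - name: Run Pipeline Scanner
        env:
          VERACODE_API_ID: ${{ secrets.VERACODE_API_ID }}
          VERACODE_API_KEY: ${{ secrets.VERACODE_API_KEY }}
        run: >-
          java -Dpipeline.debug=true -jar pipeline-scan.jar
          --veracode_api_id "$VERACODE_API_ID"
          --veracode_api_key "$VERACODE_API_KEY"
          --file "example.jar"
          --fail_on_severity="Very High, High"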